We have created a SAP query and infoset for displaying invoices. We want to restrict the users from viewing data of company code for which they don't have display authorization. For instance if user is authorized only for displaying data for US company code then he should not be able to see the data for company Italy. Also the company code parameter is a select option in SAP query.

So the user can enter '*' also. In that case we want to display the data for all company codes for which user is authorized to. We tried to do change in code in infoset on AT SELECTION SCREEN but its not working as the variables in the program generated for query are not visible in Infosets. Please let us know how can we fix this requirement.

*---Authorization for Company code entered by the users.
*---This code will restrict users to see data for company
*---codes which they are not authorized to.
*---Select all the company codes based upon selection entered by the
*---user
SELECT bukrs
FROM t001
INTO TABLE li_bukrs
WHERE bukrs IN bukrs.
IF sy-subrc EQ 0.
*---Clear Screen variable for Company code
CLEAR bukrs.
REFRESH bukrs.
*---Filter and prepare Select options for Company code table to be
*---passed to query. Table will only have values of company codes he is
*---authorized to for display.
LOOP AT li_bukrs INTO lwa_bukrs.
AUTHORITY-CHECK OBJECT 'F_BKPF_BUK'
ID 'BUKRS' FIELD lwa_bukrs
ID 'ACTVT' FIELD '03'.
IF sy-subrc = 0.
bukrs-sign = 'I'.
bukrs-option = 'EQ'.
bukrs-low = lwa_bukrs.
bukrs-high = space.
APPEND bukrs.
ELSE.
lv_flag = 'X'.
ENDIF.
ENDLOOP.
*---Give warning message to the user in case he is not authorized to see
*---data for all the company codes that he has entered.
IF lv_flag = 'X'.
MESSAGE ID 'ZF_MSS_FNG' TYPE 'W' NUMBER '015'.
ENDIF.
ENDIF.

When checking the source code, there is an error after the first select so the query couldn't be generated.

"The IN operator with "BUKRS" is followed neither by an internal table nor by a value list."

I managed to add this code directly into the program by replacing "bukrs" by the select-options object refering to company code (ex: SP$00003), but I'd prefer to maintain all this authorization check inside the SAP Query.

Is there any ABAP developer out there who can't help me achieving this authorization check through SAP Query.